Re: [Ace] Summary of ACE Group Communication Security Discussion

kathleen.moriarty.ietf@gmail.com Mon, 26 September 2016 12:30 UTC

To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/LA6FMFMvKivHG5jONTWyBvcNhjo>
Cc: Kepeng Li <kepeng.lkp@alibaba-inc.com>, ace <Ace@ietf.org>

Without a hat on, you can add my support to Abhinav's proposal. Perfect is ideal, but you often cannot make any progress if you accept nothing less. The security considerations section will have to be thorough.

Kathleen 

Please excuse typos, sent from handheld device 

> On Sep 26, 2016, at 7:11 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> I noticed that Eliot also expressed support for the approach presented by Abhinav, see https://mailarchive.ietf.org/arch/msg/ace/ctCtj9QT0WwBDki7vxgVeYVzFaI
> 
> Ciao
> Hannes
> 
>> On 09/26/2016 07:11 PM, Kepeng Li wrote:
>> Hi all,
>> 
>> 
>> We went through all email exchanges again in order to see where we are.
>> Abhinav also proposed a way forward in his email to the list,
>> see https://www.ietf.org/mail-archive/web/ace/current/msg01961.html,
>> where he proposed to standardize a solution based on public key as well
>> as symmetric key cryptography.
>> 
>> 
>> Here is our impression of the views presented by various people.
>> 
>> 
>> Mike seems to think the only acceptable solution is to use messages
>> signed using public key crypto and is strongly against working on a
>> symmetric key group communication protocol.
>> 
>> 
>> Paul Duffy and Michael Richardson are in favor of defining a public key
>> crypto solution but it is not clear whether they are against specifying
>> a symmetric key solution as well.
>> 
>> 
>> Walter, Abhinav, Sandeep, Hannes are in favor of working on a symmetric
>> key group communication security protocol (as co-authors of the work).
>> Oscar Garcia (Philips) is also in favor of the work.
>> 
>> 
>> In this mail to the list,
>> see https://www.ietf.org/mail-archive/web/ace/current/msg01931.html,
>> Robert Cragie (ARM) expressed a view that public key crypto is the
>> preferred solution but others based on symmetric crypto are still worthy
>> of consideration.
>> 
>> 
>> Markus Grunwald (Osram) also appears to be in favor of the proposed
>> approach, see
>> 
>> https://www.ietf.org/mail-archive/web/ace/current/msg01932.html
>> 
>> 
>> 
>> Akbar Rahman also seems to be in favor of working on a group
>> communication security protocol, see
>> 
>> https://www.ietf.org/mail-archive/web/ace/current/msg01873.html
>> 
>> 
>> 
>> Ned Smith also seems to be in favor of working on a group communication
>> security protocol, as expressed in his mail to the list:
>> 
>> https://www.ietf.org/mail-archive/web/ace/current/msg01872.html
>> 
>> 
>> 
>> The opinions of the following persons in the discussion appear unclear to me:
>> 
>> - Mohit Sethi
>> 
>> - Ludwig Seitz
>> 
>> - Carsten Bormann
>> 
>> - Stephen Farrell
>> 
>> - Jim Schaad (offered clarifications regarding the use of COSE)
>> 
>> 
>> 
>> Pascal Urien and Rene Struik provided performance data but they didn't
>> appear to have expressed a strong view about the question regarding
>> symmetric vs. asymmetric crypto for group communication security.
>> 
>> Derek Atkins offered performance data for public key crypto but refers
>> to new techniques (rather than RSA/ECC).
>> 
>> 
>> 
>> Please correct us if we are wrong in our interpretation of your mail
>> postings.
>> 
>> 
>> 
>> Ciao
>> 
>> Hannes & Kepeng